I am implementing a nodejs application using sails.js. I want my user to communicate only through https. So for doing that I need to configure my server my way so that with each response it will add a header "Strict-Transport-Security", "max-age=31536000" to tell browser to communicate with HSTS only. Now how I can modify every response header that I am going to send from sails js.I searched the documentation but did not found any help.
可以将文章内容翻译成中文,广告屏蔽插件可能会导致该功能失效(如失效,请关闭广告屏蔽插件后再试):
问题:
回答1:
Policies are only applied to the controllers that you explicitly assign them to in config/policies.js.
Instead of using a policy, try adding an express middleware directly in config/express.js, (create the file if it does not already exist). This middleware is applied to ALL controllers. The format is like so:
// config/express.js
"use strict";
exports.express = {
customMiddleware: function (app) {
app.use(function hsts(req, res, next) {
res.setHeader("Strict-Transport-Security", "max-age=31536000");
next();
});
}
}
If you have multiple express custom middleware that you want to use, my advice is to keep each middleware function in its own file. I will provide an example, using your middleware along with an additional middleware that accepts some options.
// config/express.js
"use strict";
var hsts = require('../lib/middleware/hsts');
var staticguard = require('../lib/middleware/staticguard');
exports.express = {
customMiddleware: function (app) {
// ordering of middleware matters!
app.use(hsts);
app.use(staticguard(/^\/protected\/.*$/));
}
}
// lib/middleware/hsts.js
"use strict";
module.exports = function hsts(req, res, next) {
res.setHeader("Strict-Transport-Security", "max-age=31536000");
next();
}
// lib/middleware/staticguard.js
"use strict";
module.exports = function (regex) {
return function (req, res, next) {
if (!regex.test(req.url)) {
return next();
}
res.end('you are not allowed!');
}
};
If you try to have multiple files export a function on the 'express.customMiddleware' namespace, I believe only the middleWare of the last file loaded will work. I haven't tried it though.
回答2:
You should be able to use Sails policies. With this you should be able to create a policy to change the headers being sent back.
// policies/hsts.js
module.exports = function hsts(req, res, next) {
res.setHeader("Strict-Transport-Security", "max-age=31536000");
};
{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://img.manongdao.com/sparkler-677774__340.jpg', '推荐 女痞 的文章《Modify response header with sails.js for implement》','https://www.manongdao.com/article-675578.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}